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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to the RCE/amendment filed 12/27/2005. Claims 3 
and 25 have been amended; claims 15-19 have been cancelled. 

2. In response to Applicant's request for an interview, the Applicant is welcome to 
contact the Examiner to arrange for an interview before Applicant's next reply. 

Response to Arguments 

3. Applicant's arguments filed 12/27/2005 have been fully considered but they are 
not persuasive. With respect to the rejection of claims 3 and 9, Applicant states that 
Menezes's teaching of generating the session key by combing a random value (re) 
generated by a second device (B) and a long-term symmetric key (K) provided by a first 
device (A) is not consistent with the claimed invention where the data (long term value) 
and the short term value are generated by the first device. First, Menezes does not 
disclose that the long-term symmetric key K' is provided by device A, but only discloses 
that the key K' is a long-term key shared between devices A and B for deriving session 
keys. Secondly, it is not relevant which device generates the long-term shared key K' in 
Menezes because Davis already discloses a device that generates a long-term shared 
key and as well as a session key. What Davis fails to teach is the device generating the 
session key by generating a short-term value and combining the long-term shared key 
with the short-term value. As a result, Menezes is relied upon for providing the feature 
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that Davis fails to teach as Menezes discloses that device B generates a session key by 
generating a short-term value r B and combining the long-term shared key K' with rs. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 2-7, 9, 12-13 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Davis (5,818,939) in view of Menezes ("Handbook of Applied Cryptography", 
Section 12.3) and Levy et al (6,212,633). 

Regarding claims 3, 2 and 4-5, Davis discloses a method in which a chipset 
communicates with a cryptographic unit when both devices are powered up during 
manufacture, the cryptographic unit then generates a shared secret key which is a long- 
term value, and stores the long-term shared key in a protected internal memory. Davis 
further discloses that the cryptographic unit also generates a session key in response to 
a communication session which is a periodic event, the session key being a secret 
value (fig. 4; col. 5, lines 25-44). 

Davis does not disclose that the cryptographic unit generates the session key by 
generating a short-term value and combining the long-term shared key with the short- 
term value. Menezes discloses that a first entity, entity B, generates a short-term value 
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and then generates a secret value (i.e., a session key) that is a combination of a shared 
long-term value, and a short-term value (p. 499, 2 nd par., "In the other techniques ... and 
key derivation"; section 12.20). It would have been obvious to one of ordinary skill in 
the art at the time the invention was made to modify the Davis method such that the 
cryptographic unit generates the session key by generating a short-term value and 
combining the long-term shared key with the short-term value, as taught by Menezes. 
The motivation for doing so would have been that a key derivation protocol which 
entirely avoids the use of an encryption function might offer potential advantages with 
respect to export restrictions (p. 499, 2 nd par). 

Davis does not disclose that the periodic event being a power-up sequence. 
Levy discloses that new session keys are generated in response to a power-up 
sequence (col. 9, lines 46-59; col. 16, lines 54-62). It would have been obvious to one 
of ordinary skill in the art at the time the invention was made to modify the Davis method 
further to generate the secret value in response to the power-up sequence, as taught by 
Levy. Accordingly the short-term value is also generated in response to the power-up 
sequence. The motivation for doing so would have been that the encryption scheme is 
changed on a regular basis, thereby heightening the security for the interface. 

Regarding claim 6, Menezes further discloses transmitting a second command 
from a second entity, entity A, to the first entity and generating the short-term value 
within the first entity in response to the second command (page 499, section 12.20). It 
would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify the Davis method to transmit a second command from a second entity 



Application/Control Number: 09/747,238 Page 5 

Art Unit: 2132 

to the first entity and generate the short-term value within the first entity in response to 
the second command, as taught by Menezes. Please refer to motivation recited for 
generating a secret value within the first device, the secret value being a combination of 
both the long-term value and a short-term value as taught by Menezes in claim 3. 

Regarding claim 7, Menezes further discloses transmitting the short-term value to 
a second entity prior to producing the secret value (page 499, section 12.20). It would 
have been obvious to one of ordinary skill in the art at the time the invention was made 
to modify the Davis method to transmit the short-term value to the second device prior 
to producing the secret value, as taught by Menezes. Please refer to motivation recited 
for generating a secret value within the first device, the secret value being a 
combination of both the long-term value and a short-term value as taught by Menezes in 
claim 3. 

Regarding claims 9 and 12-13, Davis discloses a method comprising: generating 
a shared secret key, which is a long-term value, within a cryptographic unit, the shared 
secret key generated upon detecting an initial power-up of a chipset during 
manufacture; permanently storing the long-term value within a protected area of an 
internal memory; providing the long-term value to a second device communicatively 
coupled to the chipset; generating a session key for each communication session which 
is a periodic event, the session key being a secret value. Davis does not disclose 
generating a short-term value being modified after each power up sequence; providing 
the short-term value to the second device; and generating a secret value within the first 
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device and the second device, the secret value being a combination of both the long- 
term value and the short-term value. 

Menezes discloses a method for deriving a session key which is a secret value 
for each communications session between two entities using a long-term secret shared 
by the entities, the method comprising: generating a short-term value within a first entity, 
entity B, the short-term value being modified after each periodic event; providing the 
short-term value to the second device; and generating a session key, which meets the 
limitation of a secret value, within the first and second entities, the session key being a 
combination of both the long-term value and the short-term value (p. 499, section 
12.20). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the Davis method to include the steps of generating a 
short-term value within the first device, the short-term value being modified after each 
periodic event; providing the short-term value to the second device; and generating a 
session key within the first device and the second device, the session key being a 
combination of both the long-term value and the short-term value, as taught by 
Menezes. The motivation for doing so would have been that a key derivation protocol 
which entirely avoids the use of an encryption function might offer potential advantages 
with respect to export restrictions (p. 499, 2 nd par). 

Levy discloses that new session keys, which meet the limitation of secret values, 
are generated in response to a power-up sequence (col. 9, lines 46-59; col. 16, lines 54- 
62). It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to modify the Davis method further to generate the secret value in 
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response to the power-up sequence, as taught by Levy. Accordingly the short-term 
value is also generated in response to the power-up sequence. The motivation for 
doing so would have been that the encryption scheme is changed on a regular basis, 
thereby heightening the security for the interface. 

6. Claims 8 and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Davis in view of Menezes and Levy as applied to claims 3 and 9 above, and further in 
view of Menezes ("Handbook of Applied Cryptography", Section 10.2). Menezes 
discloses that the combination of claim 3 is a result produced by performing a hash 
operation on both the data and the short-term value. However, Menezes does not 
disclose that the hash operation is performed successively. Menezes, in Section 10.2, 
discloses successively performing a hash operation (p. 390, 2 nd par.). It would have 
been obvious to one of ordinary skill in the art at the time the invention was made to 
modify the method of claims 3 and 9 such that that the hash operation is performed 
successively, as taught by Menezes, in order to slow down attacks. 

7. Claim 1 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Davis in 
view of Menezes and Levy as applied to claim 9 above, and further in view of Burns 
("INTEL: Intel introduces new chipset for intel Pentium III processor-based performance 
PCs"). Davis further discloses a cryptographic unit which meets the limitation of a 
trusted platform module (fig. 4). Davis does not disclose an input/output control hub 
(ICH). Burns discloses a chipset comprising an ICH ("This revolutionary chipset 
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architecture ... and a Firmware Hub"). It would have been obvious to one of ordinary 
skill in the art at the time the invention was made to modify the Davis method further 
such that the second device is an ICH, as taught by Burns. The ICH includes an Alert 
on LAN feature that allows a non-booting system to send a status update to the network 
administrator even when the microprocessor is not present. 

8. Claims 20, 22-23, 25-26 and 28 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Davis in view of Menezes (Section 12.3). 

Regarding claims 20, 22, 25-26 and 28, Davis discloses a device comprising: an 
internal memory (fig. 4, element 610); an asymmetric key generation unit to generate, in 
response to an initial power up sequence of the device when in communication with 
another device during manufacture, a unique long-term value for permanent storage in 
a protected area of the internal memory (col. 5, lines 24-44; col. 6, lines 57-65). Davis 
further discloses that the asymmetric key generation unit generates a session key, 
which meets the limitation of a secret value; however, Davis does not disclose that the 
asymmetric key generation unit generates, in response to a periodic event, a short-term 
value for storage in the internal memory and a cryptographic engine to produce the 
session key by combining both the long-term value and the short-term value. Menezes 
discloses a key generation unit for deriving a session key, which meets the limitation of 
a secret value, by generating, in response to a periodic event, a short-term value for 
storage in the internal memory; and a cryptographic engine to produce the session key 
by combining both the long-term value and the short-term value (p. 499, section 12.20). 
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It would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the Davis device such that the asymmetric key generation unit 
generates, in response to a periodic event, a short-term value for storage in the internal 
memory and a cryptographic engine to produce a secret value by combining both the 
long-term value and the short-term value, as taught by Menezes. The motivation for 
doing so would have been that a key derivation protocol which entirely avoids the use of 
an encryption function might offer potential advantages with respect to export 
restrictions (p. 499, 2 nd paragraph). 

Regarding claim 23, Davis further discloses that the internal memory includes a 
non-volatile memory (fig. 4, element 610) and a volatile memory (fig. 4, element 615). 

9. Claims 21 and 27 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Davis in view of Menezes as applied to claims 20 and 25 above, and further in 
view of Levy. Davis and Menezes do not disclose that the periodic event includes a 
power-up sequence. Levy discloses that new session keys, which meet the limitation of , 
secret values, are generated in response to a power-up sequence (col. 9, lines 46-59; 
col. 16, lines 54-62). It would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the Davis method further to generate the secret 
value in response to the power-up sequence, as taught by Levy. Accordingly the short- , 
term value is also generated in response to the power-up sequence. The motivation for 
doing so would have been that the encryption scheme is changed on a regular basis, 
thereby heightening the security for the interface. 
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1 0. Claim 24 is rejected under 35 U.S.C. 1 03(a) as being unpatentable over Davis in 
view of Menezes as applied to claim 20 above, and further in view of Menezes (Section 
10.2). Menezes (p. 499, section 12.20) discloses that the secret value is a result 
produced by performing a hash operation on both the long-term value and the short- 
term value. However, Menezes does not disclose that the hash operation is performed 
successively. Menezes, in Section 10.2, discloses successively performing a hash 
operation (p. 390, 2 nd par.). It would have been obvious to one of ordinary skill in the art 
at the time the invention was made to modify the method of claim 20 such that that the 
hash operation is performed successively, as taught by Menezes, in order to slow down 
attacks. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Minh Dinh whose telephone number is 571-272-3802. 
The examiner can normally be reached on Mon-Fri: 10:00am-6:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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Minh Dinh 
Examiner 
Art Unit 21 32 
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